RE: Splitting a child domain from it's forest

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Alex Zhang (v-qiz_at_online.microsoft.com)
Date: 04/23/04 

Date: Fri, 23 Apr 2004 08:43:46 GMT

Hello Jerod,

Thank you for posting here.

In the Computer Migration Wizard, you can specify the types of objects for
which you want ADMT to translate security. You can select the following
object types including User profiles:

Files and folders
Local groups
Printers
Registry
Shares
User profiles
User rights

If you have any questions or concerns, please do not hesitate to let me
know. I am happy to be of assistance.

Thanks and regards,
Alex Zhang
Microsoft Partner Online Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Content-Class: urn:content-classes:message
| From: "Jerod" <anonymous@discussions.microsoft.com>
| Sender: "Jerod" <anonymous@discussions.microsoft.com>
| References: <254a01c427e4$3b71ff90$a601280a@phx.gbl>
<0r2GifEKEHA.3564@cpmsftngxa10.phx.gbl>
| Subject: RE: Splitting a child domain from it's forest
| Date: Thu, 22 Apr 2004 09:58:46 -0700
| Lines: 120
| Message-ID: <2e7701c4288b$13ada9d0$a301280a@phx.gbl>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Thread-Index: AcQoixOopWT25bXeTciyjehBasXMgA==
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Newsgroups: microsoft.public.windows.server.migration
| Path: cpmsftngxa10.phx.gbl
| Xref: cpmsftngxa10.phx.gbl microsoft.public.windows.server.migration:9924
| NNTP-Posting-Host: tk2msftngxa11.phx.gbl 10.40.1.163
| X-Tomcat-NG: microsoft.public.windows.server.migration
|
| If I use the ADMT how do I keep the user profiles for my
| 200 users, I definitely don't want to visit each location
| and migrate for them. Also, what about terminal services
| profiles? Any info on how to preserve those settings?
|
|
| >-----Original Message-----
| >Hello Jerod,
| >
| >Thank you for posting here.
| >
| >I understand that you want to remove the child domain
| from the current
| >forest and create a new forest/domain.
| >You could use the following steps:
| >
| >1. Create a new domain in a new computer.
| >2. Use ADMT Utility to migrate all the data (User,
| computer etc.)
| >
| >For more information you may browse the following web
| sites:
| >
| >HOW TO: Set Up ADMT for Windows NT 4.0 to Windows 2000
| Migration
| >http://support.microsoft.com/default.aspx?scid=kb;en-
| us;260871
| >
| >How to Use Active Directory Migration Tool Version 2 to
| Migrate from
| >Windows 2000 to Windows Server 2003
| >http://support.microsoft.com/default.aspx?scid=kb;en-
| us;326480
| >
| >In regards to the Exchange System, I would agree that the
| suggestion you
| >mentioned, would be the best option at the moment.
| >
| >In addition, if you want to ask any Exchange questions,
| please post in the
| >microsoft.public.exchange newsgroup. We recommend posting
| appropriately so
| >you will get the most qualified pool of respondents, and
| so other partners
| >who regularly read the newsgroups can either share their
| knowledge or learn
| >from your interaction with us.
| >
| >I hope the information is helpful.
| >If you have any questions or concerns, please do not
| hesitate to let me
| >know.
| >
| >Thanks and regards,
| >Alex Zhang
| >Microsoft Partner Online Support
| >Get Secure! - www.microsoft.com/security
| >=====================================================
| >When responding to posts, please "Reply to Group" via
| your newsreader so
| >that others may learn and benefit from your issue.
| >=====================================================
| >This posting is provided "AS IS" with no warranties, and
| confers no rights.
| >--------------------
| >| Content-Class: urn:content-classes:message
| >| From: "Jerod" <anonymous@discussions.microsoft.com>
| >| Sender: "Jerod" <anonymous@discussions.microsoft.com>
| >| Subject: Splitting a child domain from it's forest
| >| Date: Wed, 21 Apr 2004 14:04:27 -0700
| >| Lines: 26
| >| Message-ID: <254a01c427e4$3b71ff90$a601280a@phx.gbl>
| >| MIME-Version: 1.0
| >| Content-Type: text/plain;
| >| charset="iso-8859-1"
| >| Content-Transfer-Encoding: 7bit
| >| X-Newsreader: Microsoft CDO for Windows 2000
| >| thread-index: AcQn5DtxfKkEW6sdQdOG8vMzFV+1VQ==
| >| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| >| Newsgroups: microsoft.public.windows.server.migration
| >| Path: cpmsftngxa10.phx.gbl
| >| Xref: cpmsftngxa10.phx.gbl
| microsoft.public.windows.server.migration:9895
| >| NNTP-Posting-Host: tk2msftngxa14.phx.gbl 10.40.1.166
| >| X-Tomcat-NG: microsoft.public.windows.server.migration
| >|
| >| We have recently been told that we have to seperate our
| >| Child Domain from our corporate forest as this branch
| of
| >| the company is splitting from the company to form an
| >| entirely seperate company.
| >|
| >| What I need to do is take our child domain and remove
| it
| >| from it's current forest and then create a new
| >| forest/domain with it. We have the following setup.
| >|
| >| 2 AD Controllers
| >| 1 SQL Server
| >| 8 Terminal Servers (7 are clustered, one is management
| >| server)
| >| 200 Users with roaming profiles
| >| 150 thin clients
| >| A NAS device that has all file shares and roaming
| profiles
| >|
| >| Any recommendations on how to perform this forest split?
| >|
| >|
| >| Exchange System
| >| The Exchange box is in the root domain and we have zero
| >| access to it, the admin of that box is going to us
| exmerge
| >| to provide me the .pst's of my users, I have to setup a
| >| new Exchange install in the new forest and import the
| >| users pst files, what is the best way of doing this?
| >|
| >
| >.
| >
|

Relevant Pages

  • Re: Replacing a parent domain by its child domain
    ... You would need to create a completely new forest. ... No child domain can take over. ... MVP Microsoft MVP - Directory Services ...
    (microsoft.public.windows.server.active_directory)
  • Re: Orphaned Child Domains into new forest
    ... I know you want to connect child domaininto a different forest. ... Connect the remote forest with your forest over WAN and create trust ... promote a DC of the remote child domain in your location. ... Orphaned Child Domains into new forest ...
    (microsoft.public.windows.server.migration)
  • Re: User autentification and access to "sister" domain resources
    ... You can do GP links across domains in the same forest. ... administrative accounts delegated to the OUs in the child domain. ... >, thanks for SUS answer. ... > And it isn't, of course, a comlpete list of reasons because of complexity ...
    (microsoft.public.win2000.active_directory)
  • Re: NTDS.dit security in 2003 child domain
    ... The Forest is the security boundary. ... Jorge will tell you this: give me access to any Domain Controller in the ... I have created a test child domain, ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain Migrations
    ... AD2003 forest with an emtpy root and 2 child domains. ... within company A's child domain and migrate everything from company B's ... Domain aren't security Boundaries, ... More administration is required ...
    (microsoft.public.windows.server.active_directory)